CVE-2015-1146
Description
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apple OS X before 10.10.3 has a code signing validation flaw allowing local privilege escalation via crafted bundles.
Vulnerability
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, allowing local users to bypass intended access restrictions via a crafted bundle. This affects OS X Yosemite v10.10 through v10.10.2 and earlier versions [1].
Exploitation
A local attacker can craft a malicious bundle with an invalid or modified signature. By exploiting the improper validation, the attacker can cause the system to treat the bundle as signed by a trusted source, bypassing security checks.
Impact
Successful exploitation allows the attacker to bypass access restrictions, potentially gaining elevated privileges or accessing protected resources. The scope of compromise depends on the bundle's context, but could lead to local privilege escalation.
Mitigation
Apple addressed this vulnerability in OS X 10.10.3, released on April 8, 2015. Users should update to OS X 10.10.3 or later via the Software Update mechanism [1]. No workarounds were provided.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <10.10.3
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/73982 (nvd; Exploit, Third Party Advisory, VDB Entry)
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (nvd; Vendor Advisory)
- www.securitytracker.com/id/1032048 (nvd; Third Party Advisory, VDB Entry)
- support.apple.com/HT204659 (nvd; Vendor Advisory)